The Vice Society ransomware gang has been spotted using a custom-made PowerShell tool to exfiltrate data from networks it has compromised. The tool is built to avoid detection by relying on built-in data exfiltration methods, which are more difficult to identify than external tools. This lets it blend into the operating environment and evade security mechanisms. Vice Society is a ransomware group that focuses on extortion and has been observed using the PolyVice ransomware variant, which uses hybrid encryption to encrypt files securely.

The PowerShell script, discovered by researchers, identifies the mounted drives on a system, recursively searches each root directory for data, and exfiltrates what it finds over HTTP. The tool is designed to exclude system files, backups, and folders linked to web browsers and to security solutions from Symantec, ESET, and Sophos. The discovery of this tool is a reminder for organizations to prioritize robust security protection to counter evolving threats.
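The three behaviours described above (drive enumeration, recursive file search, HTTP upload) can be hunted for together in PowerShell script block logs (Event ID 4104). The following is an added example, not code from the article or the researchers' report. The article names no cmdlets, so the indicator patterns, the event dictionaries and the function names are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed indicators: the article names behaviours, not cmdlets. These are
# common built-in PowerShell/.NET ways to perform each behaviour.
BEHAVIOURS = {
    "drive_enum": re.compile(
        r"Get-PSDrive|Get-Volume|Win32_(Volume|LogicalDisk)|DriveInfo\]::GetDrives", re.I),
    "recursive_walk": re.compile(
        r"(Get-ChildItem|\bgci\b|\bdir\b|\bls\b)[^|;\n]*-Recurse|AllDirectories", re.I),
    "http_upload": re.compile(
        r"\.Upload(File|Data)\b|PostAsync|"
        r"(Invoke-WebRequest|Invoke-RestMethod)[^|;\n]*-(InFile|Method\s+Post)", re.I),
}

def reassemble(events):
    """Join Event ID 4104 fragments of each script block in MessageNumber order."""
    parts = defaultdict(dict)
    for ev in events:
        parts[ev["ScriptBlockId"]][ev["MessageNumber"]] = ev["ScriptBlockText"]
    return {sid: "".join(text for _, text in sorted(frags.items()))
            for sid, frags in parts.items()}

def flag_exfil_candidates(events):
    """Return {ScriptBlockId: behaviours} for blocks that show all three."""
    hits = {}
    for sid, script in reassemble(events).items():
        seen = [name for name, rx in BEHAVIOURS.items() if rx.search(script)]
        if len(seen) == len(BEHAVIOURS):
            hits[sid] = seen
    return hits

# Constructed, elided sample events (not captured logs, not a working script).
SAMPLE_EVENTS = [
    # One script logged as two out-of-order fragments; "Get-ChildItem" is split.
    {"ScriptBlockId": "aaaa-0001", "MessageNumber": 2,
     "ScriptBlockText": "Item $root -Recurse ... | ForEach-Object { $wc.UploadFile(...) }"},
    {"ScriptBlockId": "aaaa-0001", "MessageNumber": 1,
     "ScriptBlockText": "$vols = Get-WmiObject Win32_Volume ... Get-Child"},
    # Benign: recursive log clean-up, no drive enumeration or upload.
    {"ScriptBlockId": "bbbb-0002", "MessageNumber": 1,
     "ScriptBlockText": "Get-ChildItem D:\\Logs -Recurse | Remove-Item ..."},
    # Benign: disk inventory plus a download (-OutFile), not an upload.
    {"ScriptBlockId": "cccc-0003", "MessageNumber": 1,
     "ScriptBlockText": "Get-PSDrive -PSProvider FileSystem; Invoke-WebRequest -Uri https://example.com/agent.msi -OutFile ..."},
]

if __name__ == "__main__":
    for sid, seen in flag_exfil_candidates(SAMPLE_EVENTS).items():
        print(f"review script block {sid}: {', '.join(seen)}")
```

Matching only after reassembly matters because a large script is logged as several 4104 events, and an indicator can straddle a fragment boundary. A hit is a triage lead to review, not proof of exfiltration.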
To mitigate these potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net).
Source: The Hacker News